Privacy Policy

1. Who We Are

SpikeDesk is operated by Jiten Suresh Patel (Sole Proprietor), based in Kalyan, Maharashtra, India ("we", "us"). We are the data fiduciary for personal data you provide to SpikeDesk, as defined under the Digital Personal Data Protection Act, 2023 (India).

2. What Data We Collect

• Account data: email address, name, password hash (never the plaintext password).
• Payment data: we do NOT store card/UPI/bank details. Payments are handled by Cashfree Payments India Pvt Ltd; we only receive a transaction identifier, amount and status.
• Usage data: pages visited, IP address (truncated after 30 days), browser user-agent, timestamps. Used only for security and performance.
• Cookies: a session cookie to keep you logged in. No third-party advertising cookies.

3. Why We Collect It

• to create and manage your account;
• to deliver the paid subscription service;
• to process payments via our payment aggregator;
• to send transactional emails (receipts, password resets, service notices);
• to prevent fraud, abuse and unauthorised access;
• to comply with applicable law.

4. How We Store It

Your data is stored on servers located in India. Passwords are stored as salted bcrypt hashes. We use HTTPS for all data in transit. We retain account data for as long as your account is active, and for up to 3 years after closure for statutory and dispute-resolution purposes.

5. Who We Share It With

We do not sell your personal data. We share only with:

• Cashfree Payments India Pvt Ltd — for payment processing (subject to their privacy policy);
• Email service providers (e.g. for transactional emails);
• Law-enforcement or regulators where required by a lawful order.

6. Your Rights (under DPDP Act, 2023)

You have the right to:

• access the personal data we hold about you;
• request correction of inaccurate data;
• request erasure of your data (subject to legal retention requirements);
• withdraw consent and close your account;
• file a complaint with the Data Protection Board of India.

To exercise these rights, email jitenpatel6438@gmail.com.

7. Data Breach Notification

In the event of a personal-data breach that is likely to result in risk to your rights, we will notify you and the Data Protection Board within the timelines prescribed under the DPDP Act.

8. Children

SpikeDesk is not directed to persons under 18. We do not knowingly collect data from minors.

9. Changes

We may update this Privacy Policy from time to time. The current version is always available at /privacy.

10. Grievance Officer

For any privacy-related concerns:
Jiten Suresh Patel (Grievance Officer)
Kalyan, Maharashtra, India
Email: jitenpatel6438@gmail.com